Over the past few years, the major U.S. mobile carriers have been in the spotlight over allegations that they have been selling their subscribers’ real-time geolocation data, including highly precise assisted GPS (A-GPS) information designed for use with “Enhanced 911” (E911). The Federal Communications Commission requires mobile carriers to offer E911, a service that provides 911 operators with a wireless caller’s location information, generally accurate within 50 to 300 meters.
There’s nothing wrong with saying that you “own” data. Public Knowledge has supported data ownership as a colloquialism that reflects an intuition: Data about us provides information regarding the intimacies of our very identity and existence. Speaking in this way, we should certainly “own” or have control over that data to protect our fundamental right to privacy.
Facebook CEO Mark Zuckerberg recently published an op-ed in the Washington Post naming a role for government and regulation around four specific policies that continue to be concerns for users of Facebook and broader digital platforms. In two areas (privacy and political advertising) Zuckerberg reiterates Facebook’s agreement with previous legislative proposals, including parts of the General Data Protection Regulation (GDPR) in the European Union and (although not named) concepts from the Honest Ads Act introduced by Senators Amy Klobuchar, Mark Warner, and the late John McCain. In addition to these two topics, Zuckerberg also moves towards responding to calls from the public interest community for stronger content moderation of hateful content and for meaningful data portability to promote competition in a market that trends towards dominant platforms. While some may view yet another Facebook op-ed cynically, I believe this one should be welcomed.
Last week, thanks to investigative reporting, we learned that Facebook discovered in January that it was storing millions of users’ passwords in plain text format, making them fully readable for thousands of its employees. Facebook has acknowledged that this was a serious security error and privacy breach on its side, as its systems, ideally, “are designed to mask passwords using techniques that make them unreadable”, and promised that it “will be notifying everyone whose passwords we have found were stored in this way.” There is no evidence that any of the thousand employees with access to these unencrypted passwords actually accessed them, but Facebook’s decision to remain mum reveals an important lesson for the overarching privacy and security policy debate. Importantly, data security incidents are a widespread problem that goes well beyond Facebook.
According to reports, the Federal Trade Commission plans to open a study into the technology industry’s data practices. Called a “6(b)” study, this type of study enables the agency to broadly review an industry practice and allows the agency to compel information from witnesses. Public Knowledge previously urged the FTC to conduct such a study and commends the move to shine a light on the competitive impacts of these data practices.